XSS vulnerability and information leak in user options CGI

Bug #1747209 reported by Mark Sapiro
This bug affects 1 person
Affects Status Importance Assigned to Milestone
GNU Mailman
Mark Sapiro

Bug Description


A crafted URL for a user options page can cause a browser to execute arbitrary script encoded in the URL.

Also, in developing a fix for this issue it was discovered that a user options URL with a VARHELP query fragment would display the user options page without requiring login. No changes could be made and the settings revealed are not particularly sensitive, but this could be used to fish for membership on a list with a private roster.

Thanks to Calum Hutton for the original report.

Related branches

CVE References

Revision history for this message
Mark Sapiro (msapiro) wrote :
description: updated
Mark Sapiro (msapiro)
information type: Private Security → Public
Mark Sapiro (msapiro)
Changed in mailman:
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers